Deal with abuse, phishing, or spam in Outlook.com

Here’s how to deal with online abuse, phishing scams, and junk email sent to or coming from Outlook.com mail accounts. These steps also work for hotmail.com, msn.com, and live.com email addresses.

To report abuse

If you're being threatened, please call your local law enforcement.

To report harassment, impersonation, child exploitation, child pornography, or other illegal activities received via an Outlook.com account, forward the offending email to abuse@Outlook.com. Include any relevant info, such as the number of times you've receive messages from the account, and the relationship, if any, between you and the sender.

To report abuse received from a non-Outlook account, go to http://abuse.net to identify the correct abuse reporting address.

If your Outlook.com account has been hacked

If someone has gotten into your Outlook.com account, or you got a confirmation email for a password change you didn’t authorize, you can recover your account. See My account has been hacked.

Help protect yourself from phishing scams

You might receive email that seems legitimate, but is actually a phishing scam—an attempt to get your personal info or steal your money.

Never reply to an email that asks you to send personal or account info.

In suspicious-looking email, never click links that supposedly take you to a company website. The sender might be spoofing the website (providing their own fake version) to collect your sign-in info.

Never open any file attached to a suspicious-looking email. It might contain a virus or other malware.

If the email claims to come from some company, contact the company’s customer service via phone or online to see if the email is legitimate. You can also forward the email to the third party’s abuse or fraud department.

Go to a hoax-debunking website like snopes.com and search on the email’s subject.

Resist the urge to respond, even to taunt or chastise the sender. You’ll just confirm that your email address is valid, and end up getting more junk email.

Report phishing scams, junk email, or unsolicited email

You help thwart spammers when you report phishing scams, junk email, or unsolicited email. Plus, it's easy. In Outlook.com, click the arrow next to Junk and select:

Junk for routine unwanted email.

Phishing scam for email that is trying to trick you into giving out your personal info (like passwords, bank info, or your Social Security number) or to steal your money.

My friend's been hacked if you start getting junk email or phishing from a sender you would normally trust.

Recognizing phishing scams

Here are some tips to help you recognize when an email is a scam.

When the offer seems too good to be true.

When the email asks you to send personal or account info (like your user name and password, your date of birth, Social Security number, or bank info) by replying to the email. Microsoft and other legitimate companies will never ask you to provide this sort of info via email. They'll ask you to go to their website to sign in and update your info there.

Warning: In suspicious-looking email, never click links that supposedly take you to a company website. The sender might be spoofing the website (providing their own fake version) to collect your sign-in info. When in doubt, go to the website using favorites, search history, or by entering the URL in the address box.

When the sender’s email address has an overseas domain. For example: someone@example.uk.co, @example.ru, or @example.ng.

When the sender's email address has a domain that's a string of seemingly random numbers and or letters. For example: @VNbM6f3.com.

When the sender’s name in the header doesn’t match the sender's email address.

When the tone is personal and confidential, but it looks like a group email, with a generic greeting. For example: “Dear Microsoft Customer” or “Dear Trusted Sir or Madam”.

Five common types of scams

Here are five of the most common types of scams, with additional clues on how to recognize them.

The scam: You get an email that looks like it's from your bank, or an e-commerce service like PayPal or Ebay, or from your email provider, warning that your account will be suspended or closed unless you “verify” your account by replying with your account info.

What the scammer wants: In the case of bank or e-commerce scams, they want your personal info so they can steal your identity, empty your bank accounts, and run up charges on your credit card. If it’s supposedly from your email provider, the scammer wants your email account user name and password so they can hack your account and use it to send out junk email.

Additional clues that it’s a scam: It demands an urgent reply (for example, “You must verify within twenty-four hours”). This gives you little time to research if it’s legitimate.

Actions you can take: First and foremost, do NOT reply with any personal or account info, matter how dire the warnings sound.

If it's a bank or e-commerce site, contact the company’s customer service via phone or online to see if the email is legitimate.

If it claims to be from Outlook.com, forward the email to report_spam@Outlook.com.

The scam: There’s money sitting in some account that some official-sounding person wants to share with you. All you have to do is send him your personal info or some money.

What the scammer wants: Sometimes they just want you to send them money. Other times they want your personal info so they can steal your identity, empty your bank accounts, and run up charges on your credit card.

Additional clues that it’s a scam:

Any deal that involves an international bank, or where you have to send your info or cash overseas should be highly suspect.

There’s often an element of larceny. Maybe the money isn’t really yours or theirs, but the rightful owner is dead, or a corrupt official, or some faceless company who will never miss it. Or the money is supposedly yours, but some other party is trying to steal it.

If there’s anything at all suspect about the deal, or if you don't understand why someone you don't know is making you (out of all the people in the world) this offer, you can bet that you’re being conned.

Actions you can take:
First and foremost, do NOT reply with any personal or financial info, matter how tempting the offer sounds.

Go to a hoax-debunking website like snopes.com and search on the email’s subject.

The scam: Congratulations! You just won the lottery! Or you were entered in a Microsoft sweepstakes and you’ve won the jackpot!

What the scammer wants: Your personal info so they can steal your identity and empty your bank accounts.

Additional clues that it’s a scam:

You were entered in the lottery or sweepstakes without your knowledge or permission.

They ask for your bank info so they can make a direct deposit.

The purpose of a sweepstakes is so the company can gather personal info via the form you fill out when you enter. They then sell that info or use it to market their products and services to you. No legitimate sweepstake needs you to give them your info—you already did.

Actions you can take:
First and foremost, do NOT reply with any personal or financial info, matter how tempting the offer sounds.

Go to a hoax-debunking website like snopes.com and search on the email’s subject.

The scam:A friend of yours is on vacation and got stranded. They need you to wire them some money, fast!

What the scammer wants: For you to send them some money.

Additional clues that it’s a scam:
This one can be tougher to spot. Typically, the scammer has hacked your friend’s email account and sent this “emergency” email to your friend’s contact list. The sender email address will be legitimate. The salutation might even be personal (“Dear Joe”) but is the email really from your friend?

Actions you can take:
Before you do anything else, stop and do a reality check.

Pick up the phone and call your friend. If you can’t get a hold of them, try contacting mutual friends.

Ask yourself the following questions:

The email probably says they are desperate and don’t know where else to turn, but do the two of you have the sort of relationship where they would turn to you for such a request?

Did they say anything to you earlier about taking a trip?

What’s the likelihood of your friend being in the situation the email claims they are in, of doing whatever the email claims they have done?

Does it sound like your friend?

Unless you can contact your friend or a reliable mutual friend by some method other than email, you should probably assume it's a scam. Report it as My friend's been hacked (see above).